Archives of the TeradataForum
Message Posted: Tue, 15 May 2012 @ 21:45:13 GMT
Start simple, with an LDAP authentication-only strategy for a few users.
1. Enable external authentication (see Chapter 4 of Security Administration).
2. Make sure there is a Teradata Database username that corresponds to each directory username in your test group.
3. Grant these corresponding database users LOGON WITH NULL PASSWORD logon privileges (Chapter 4).
4. Enable the LDAP mechanism and configure the LdapServerName property. See Chapter 16 for general configuration instructions and Appendix A for configuring LdapServerName.
5. See Security Admin Chapter 7 for LDAP logon requirements.
Add authorization and other LDAP options a little at a time. Start by reviewing Security Admin Chapter 12 and follow the instructions and links. The big task is using the information in Chapter 14 or 15 (depending on whether you can use Teradata schema extensions in your directory) to do user mapping in the directory to support authorization. Work closely with the directory administrator. Note that for authorization of privileges in the directory, the directory username does not need to match a database username.
The user identification options in Chapter 20 help speed directory searches, especially for complex networks.
The binding and protection options in Chapters 18 and 19 make the DB more secure, but are not required.
Enable LDAP and grant LOGON WITH NULL PASSWORD for the rest of the users when you know everything works.
There is, of course, more to it than that. But if you follow the instructions in Security Administration Chapters 4, 12, and 14 or 15, you'll get there.
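Steps 2 and 3 and the final rollout step, sketched in SQL as an added example that is not part of the original post. The usernames `ldap_pilot1` and `ldap_pilot2` are hypothetical test-group members, and the audit queries assume read access to the `DBC.LogonRulesV` and `DBC.DatabasesV` dictionary views.

```sql
-- Added example, not from the original post.
-- ldap_pilot1 / ldap_pilot2 are hypothetical directory usernames in the
-- test group; matching database users must already exist (step 2).

-- Step 3: let only the pilot users log on without a database password.
-- Scope the grant to named users; AS DEFAULT would apply it to everyone.
GRANT LOGON ON ALL TO ldap_pilot1, ldap_pilot2 WITH NULL PASSWORD;

-- Audit: list every logon rule that permits a null password, with who
-- created it and when. Anything outside the pilot list needs review
-- before LDAP is enabled for the rest of the users.
SELECT UserName,
       LogicalHostId,
       LogonStatus,        -- 'G' = logon granted, 'R' = revoked
       NullPassword,       -- 'T' = null password allowed
       CreatorName,
       CreateTimeStamp
FROM   DBC.LogonRulesV
WHERE  NullPassword = 'T'
ORDER  BY UserName;

-- Cross-check: null-password rules whose username no longer matches an
-- existing database user (stale rules left behind after a user is dropped
-- or renamed). DBKind = 'U' selects users rather than databases.
SELECT r.UserName
FROM   DBC.LogonRulesV r
LEFT   JOIN DBC.DatabasesV d
       ON  d.DatabaseName = r.UserName
       AND d.DBKind = 'U'
WHERE  r.NullPassword = 'T'
AND    d.DatabaseName IS NULL;
```

Running the audit query before and after each rollout phase gives a record of exactly which accounts depend on directory authentication alone.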
Last Modified: 28 Jun 2020